Repository: trafficserver Updated Branches: refs/heads/master 1ccb1ea4c -> ed89e5429
TS-3320: add traffic_manager support for not switching credentials Setting the admin user to "#-1" has the documented semantics of causing traffic_server to not attempt to switch user credentials. Add the same feature to traffic_manager so that it is possible to use this in practice. Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/ed89e542 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/ed89e542 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/ed89e542 Branch: refs/heads/master Commit: ed89e54296716a1b56ddeebf7667091724d6a6df Parents: 1ccb1ea Author: James Peach <[email protected]> Authored: Wed Jan 21 20:41:45 2015 -0800 Committer: James Peach <[email protected]> Committed: Sat Jan 24 17:09:26 2015 -0800 ---------------------------------------------------------------------- CHANGES | 2 ++ cmd/traffic_cop/traffic_cop.cc | 2 +- cmd/traffic_manager/traffic_manager.cc | 11 +++++++++-- lib/ts/ink_defs.cc | 7 +++++++ lib/ts/ink_defs.h | 1 + proxy/Main.cc | 2 +- 6 files changed, 21 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ed89e542/CHANGES ---------------------------------------------------------------------- diff --git a/CHANGES b/CHANGES index 18b04c0..e61a7ac 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 5.3.0 + *) [TS-3320] traffic_manager does not accept "#-1" as the admin user. + *) [TS-3318] Remove mgmt/Web2/WebHttpSession.{cc,h}, it is not used. *) [TS-3243] Removing warnings from loading certificates with duplicated http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ed89e542/cmd/traffic_cop/traffic_cop.cc ---------------------------------------------------------------------- 
diff --git a/cmd/traffic_cop/traffic_cop.cc b/cmd/traffic_cop/traffic_cop.cc index 7cf32ec..e214877 100644 --- a/cmd/traffic_cop/traffic_cop.cc +++ b/cmd/traffic_cop/traffic_cop.cc @@ -49,7 +49,7 @@ union semun #endif // linux check #include <grp.h> -static const long MAX_LOGIN = sysconf(_SC_LOGIN_NAME_MAX) <= 0 ? _POSIX_LOGIN_NAME_MAX : sysconf(_SC_LOGIN_NAME_MAX); +static const int MAX_LOGIN = ink_login_name_max(); #define OPTIONS_MAX 32 #define OPTIONS_LEN_MAX 1024 http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ed89e542/cmd/traffic_manager/traffic_manager.cc ---------------------------------------------------------------------- diff --git a/cmd/traffic_manager/traffic_manager.cc b/cmd/traffic_manager/traffic_manager.cc index fb3ce44..6b099b7 100644 --- a/cmd/traffic_manager/traffic_manager.cc +++ b/cmd/traffic_manager/traffic_manager.cc @@ -373,6 +373,8 @@ millisleep(int ms) { int main(int argc, char **argv) { + const long MAX_LOGIN = ink_login_name_max(); + // Before accessing file system initialize Layout engine Layout::create(); ink_strlcpy(mgmt_path, Layout::get()->sysconfdir, sizeof(mgmt_path)); @@ -398,7 +400,7 @@ main(int argc, char **argv) int proxy_backdoor = -1; char *envVar = NULL, *group_addr = NULL, *tsArgs = NULL; bool log_to_syslog = true; - char userToRunAs[80]; + char userToRunAs[MAX_LOGIN + 1]; RecInt fds_throttle = -1; time_t ticker; ink_thread webThrId; @@ -554,7 +556,12 @@ main(int argc, char **argv) RecGetRecordInt("proxy.config.net.connections_throttle", &fds_throttle); set_process_limits(fds_throttle); // as root - runAsUser(userToRunAs); + + // A user of #-1 means to not attempt to switch user. Yes, it's documented ;) + if (strcmp(userToRunAs, "#-1") != 0) { + runAsUser(userToRunAs); + } + EnableCoreFile(true); check_lockfile(); http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ed89e542/lib/ts/ink_defs.cc ---------------------------------------------------------------------- 
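Review bot: `char userToRunAs[MAX_LOGIN + 1];` in the second traffic_manager.cc hunk is a variable-length array, because `MAX_LOGIN` is now set at run time from `ink_login_name_max()`; that is a compiler extension in C++, not standard. The buffer can also become smaller than the old 80 bytes when the helper falls back to `_POSIX_LOGIN_NAME_MAX`. The code that fills the buffer is outside the hunk, so it should be checked that it bounds the copy by the new size and reports truncation rather than passing a cut-off name on to `runAsUser()`. If the VLA stays, I would at least mark it: `// VLA (compiler extension): sized at run time from ink_login_name_max()`. main's body starts and ends outside these hunks.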
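Review bot: When the admin user is "#-1", the new branch around `runAsUser(userToRunAs)` in the third traffic_manager.cc hunk skips the credential switch silently, so a traffic_manager started as root keeps root for the rest of main with nothing in the logs to show it. I would record that decision at startup and say so explicitly when the effective uid is 0, under a comment such as `// "#-1": keep the credentials we were started with; log it so operators can audit the choice`. The test is an exact `strcmp`, so a configured value with stray whitespace falls through to `runAsUser()`; whether that call rejects it is not visible here. The sentinel is written as a bare literal; presumably traffic_server compares against the same string, and a shared constant or helper would keep the two from drifting apart.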
diff --git a/lib/ts/ink_defs.cc b/lib/ts/ink_defs.cc index beffbd9..b9ba1b1 100644 --- a/lib/ts/ink_defs.cc +++ b/lib/ts/ink_defs.cc @@ -136,3 +136,10 @@ ink_number_of_processors() return sysconf(_SC_NPROCESSORS_ONLN); // number of processing units (includes Hyper Threading) #endif } + +int +ink_login_name_max() +{ + long value = sysconf(_SC_LOGIN_NAME_MAX); + return value <= 0 ? _POSIX_LOGIN_NAME_MAX : value; +} http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ed89e542/lib/ts/ink_defs.h ---------------------------------------------------------------------- diff --git a/lib/ts/ink_defs.h b/lib/ts/ink_defs.h index 478d78a..8a23d04 100644 --- a/lib/ts/ink_defs.h +++ b/lib/ts/ink_defs.h @@ -152,6 +152,7 @@ extern int on; */ int ink_sys_name_release(char *name, int namelen, char *release, int releaselen); int ink_number_of_processors(); +int ink_login_name_max(); #if TS_USE_HWLOC // Get the hardware topology http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ed89e542/proxy/Main.cc ---------------------------------------------------------------------- diff --git a/proxy/Main.cc b/proxy/Main.cc index fe3f3c6..e03925f 100644 --- a/proxy/Main.cc +++ b/proxy/Main.cc @@ -113,7 +113,7 @@ extern "C" int plock(int); #define DEFAULT_REMOTE_MANAGEMENT_FLAG 0 #define DIAGS_LOG_FILENAME "diags.log" -static const long MAX_LOGIN = sysconf(_SC_LOGIN_NAME_MAX) <= 0 ? _POSIX_LOGIN_NAME_MAX : sysconf(_SC_LOGIN_NAME_MAX); +static const long MAX_LOGIN = ink_login_name_max(); static void * mgmt_restart_shutdown_callback(void *, char *, int data_len); static void* mgmt_storage_device_cmd_callback(void* x, char* data, int len);
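Review bot: `ink_login_name_max()` in the ink_defs.cc hunk returns `int` while computing a `long`, and its callers disagree on the type: `static const int MAX_LOGIN` in traffic_cop.cc, `const long MAX_LOGIN` in traffic_manager.cc and `static const long MAX_LOGIN` in Main.cc. Settling on one type would avoid the implicit narrowing in `return value <= 0 ? _POSIX_LOGIN_NAME_MAX : value;`, which is harmless for realistic limits but would trip -Wconversion. The declaration added to ink_defs.h carries no comment; I would add `// Maximum login name length from sysconf(_SC_LOGIN_NAME_MAX), or _POSIX_LOGIN_NAME_MAX if sysconf reports no limit.` It should also say whether the value counts the terminating NUL, since callers size buffers as `MAX_LOGIN + 1`.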
